summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-01tests: add test that journald keeps fds over termination by signalEvgeny Vereshchagin
This test fails before previous commit, and passes with it.
2016-11-01core: when restarting services, don't close fdsZbigniew Jędrzejewski-Szmek
We would close all the stored fds in service_release_resources(), which of course broke the whole concept of storing fds over service restart. Fixes #4408.
2016-11-01seccomp: allow specifying arm64, mips, ppc (#4491)Zbigniew Jędrzejewski-Szmek
"Secondary arch" table for mips is entirely speculative…
2016-11-01Recognise Lustre as a remote file system (#4530)Brian J. Murrell
Lustre is also a remote file system that wants the network to be up before it is mounted.
2016-10-31test-compression: allow the file to compress to be specifiedZbigniew Jędrzejewski-Szmek
I'm seeing strange decompression errors with lz4, which might be content-dependent. Extend test-compression to allow testing specific content. (Edit: PEBKAC: lzcat and lz4cat are not the same beast. Nevertheless, the test might still be useful in the future.)
2016-10-31man: fix typos (#4527)Jakub Wilk
2016-10-30Implement VeraCrypt volume handling in crypttab (#4501)George Hilliard
This introduces a new option, `tcrypt-veracrypt`, that sets the corresponding VeraCrypt flag in the flags passed to cryptsetup.
2016-10-30tests: clarify test_path_startswith return value (#4508)Zbigniew Jędrzejewski-Szmek
A pendant for #4481.
2016-10-29Merge pull request #4520 from lucaswerkmeister/systemd-escape-manZbigniew Jędrzejewski-Szmek
systemd-escape manpage improvements
2016-10-30man: make systemd-escape examples more consistentLucas Werkmeister
The first example wasn't phrased with "To ..." as the other three are, and the last example was lacking the colon.
2016-10-30man: add missing periodLucas Werkmeister
2016-10-30man: improve systemd-escape --path descriptionLucas Werkmeister
The option does more than the documentation gave it credit for.
2016-10-28man: add a note that FDSTORE=1 requires epoll-compatible fdsZbigniew Jędrzejewski-Szmek
Let's say that this was not obvious from our man page.
2016-10-28pid1: nicely log when doing operation on stored fdsZbigniew Jędrzejewski-Szmek
Should help with debugging #4408.
2016-10-28pid1: only log about added fd if it was really addedZbigniew Jędrzejewski-Szmek
If it was a duplicate, log nothing.
2016-10-28.gitignore: ignore precompiled GCC headers (#4516)Daniel Mack
Not sure since when this is the default behavior, but my local tree is full of such files. Let's ignore them for clarity.
2016-10-28Merge pull request #4495 from topimiettinen/block-shmat-execDjalal Harouni
seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecute
2016-10-28Merge pull request #4458 from keszybz/man-nonewprivilegesMartin Pitt
Document NoNewPrivileges default value
2016-10-28udev: allow substitutions for SECLABEL key (#4505)Michal Sekletar
2016-10-27systemctl: warn when cat shows changed unit files (#4493)Lucas Werkmeister
Suggested by @keszybz in #4488.
2016-10-27Merge pull request #4485 from endocode/djalal/portable-branch-v1Zbigniew Jędrzejewski-Szmek
core: improve mount namespace and working directory setup
2016-10-27Merge pull request #4442 from keszybz/detect-virt-usernsEvgeny Vereshchagin
detect-virt: add --private-users switch to check if a userns is active; add Condition=private-users
2016-10-27core: make unit argument const for apply seccomp functionsDjalal Harouni
2016-10-27core: lets apply working directory just after mount namespacesDjalal Harouni
This makes applying groups after applying the working directory, this may allow some flexibility but at same it is not a big deal since we don't execute or do anything between applying working directory and droping groups.
2016-10-27core: get the working directory value inside apply_working_directory()Djalal Harouni
Improve apply_working_directory() and lets get the current working directory inside of it.
2016-10-27core: move apply working directory code into its own apply_working_directory()Djalal Harouni
2016-10-27core: move the code that setups namespaces on its own functionDjalal Harouni
2016-10-26hwdb: fix error check of wrong variable (#4499)Thomas H. P. Andersen
We updated 'fn' but checked 'v' instead. From 698c5a17 Spotted with PVS
2016-10-26Merge pull request #4448 from msoltyspl/vcfixZbigniew Jędrzejewski-Szmek
Fix some formatting details in the merge.
2016-10-26units: disable /dev/hugepages in private user namespacesZbigniew Jędrzejewski-Szmek
The mount fails, even though CAP_SYS_ADMIN is granted.
2016-10-26condition: simplify condition_test_virtualizationZbigniew Jędrzejewski-Szmek
Rewrite the function to be slightly simpler. In particular, if a specific match is found (like ConditionVirtualization=yes), simply return an answer immediately, instead of relying that "yes" will not be matched by any of the virtualization names below. No functional change.
2016-10-26test-tables: test ConditionVirtualizationZbigniew Jędrzejewski-Szmek
2016-10-26shared/condition: add ConditionVirtualization=[!]private-usersZbigniew Jędrzejewski-Szmek
This can be useful to silence warnings about units which fail in userns container.
2016-10-26detect-virt: add --private-users switch to check if a userns is activeZbigniew Jędrzejewski-Szmek
Various things don't work when we're running in a user namespace, but it's pretty hard to reliably detect if that is true. A function is added which looks at /proc/self/uid_map and returns false if the default "0 0 UINT32_MAX" is found, and true if it finds anything else. This misses the case where an 1:1 mapping with the full range was used, but I don't know how to distinguish this case. 'systemd-detect-virt --private-users' is very similar to 'systemd-detect-virt --chroot', but we check for a user namespace instead.
2016-10-26gitignore: add test-seccomp (#4498)Thomas H. P. Andersen
2016-10-26networkd : verify dns ip address when parsing configuration (#4492)Susant Sahani
Invalid IP addresses would be passed through as-is: $ networkctl status wlp3s0: ● 2: wlp3s0 Link File: /usr/lib/systemd/network/99-default.link Network File: /etc/systemd/network/wlp3s0.network Type: wlan State: routable (configured) Path: pci-0000:03:00.0 Driver: iwlwifi Vendor: Intel Corporation Model: Centrino Advanced-N 6205 [Taylor Peak] (Centrino Advanced-N 6205 AGN) HW Address: XXXXXXXXXX (Intel Corporate) Address: 192.168.2.103 XXXXXXXXXXX Gateway: 192.168.2.1 (Arcadyan Technology Corporation) DNS: 127.0.0.5553 Instead verify that DNS= has a valid list of addresses when parsing configuration. Fixes #4462.
2016-10-26vconsole: manual update (#4021)Michal Soltys
To more correctly reflect current behaviour as well as to provide a few more details.
2016-10-26seccomp: also block shmat(..., SHM_EXEC) for MemoryDenyWriteExecuteTopi Miettinen
shmat(..., SHM_EXEC) can be used to create writable and executable memory, so let's block it when MemoryDenyWriteExecute is set.
2016-10-26vconsole: setup_remaining_vcs() - more sanity checksMichal Soltys
Check if values filled up by KD_FONT_OP_GET ioctl make sense - dummy driver for example doesn't implement required functionality at all.
2016-10-25man: document that systemctl cat shows file content (#4488)Lucas Werkmeister
... and that that content might be outdated.
2016-10-25build-sys/autogen: don't use bashisms (#4489)Evgeny Vereshchagin
Fixes: $ ls -l /bin/sh lrwxrwxrwx 1 root root 4 Feb 17 2016 /bin/sh -> dash $ ./autogen.sh c ./autogen.sh: 22: ./autogen.sh: [[: not found ... checking whether make supports nested variables... (cached) yes checking build system type... Invalid configuration `c': machine `c' not recognized configure: error: /bin/bash build-aux/config.sub c failed this is a follow-up for a5e739a570081231
2016-10-25Merge pull request #4476 from poettering/systemctl-freeMartin Pitt
two minor systemctl memleak fixes
2016-10-25test: skip exec tests when inaccessible dir is unavailableDongsu Park
In case of running test-execute on systems with systemd < v232, several tests like privatedevices or protectkernelmodules fail because /run/systemd/inaccessible/ doesn't exist. In these cases, we should skip tests to avoid unnecessary errors. See also https://github.com/systemd/systemd/pull/4243#issuecomment-253665566
2016-10-25systemctl: fix two minor memory leaks in --wait handlingLennart Poettering
(Also, let's not use the binary |= operator on "bool" variables). Fix-up for 93a0884126146361ca078ec627da2cf766205a1c.
2016-10-25update NEWS file a bit moreLennart Poettering
2016-10-25Merge pull request #4474 from poettering/nsswitchMartin Pitt
various nss module/resolved fixes
2016-10-24man: document the default value of NoNewPrivileges=Zbigniew Jędrzejewski-Szmek
Fixes #4329.
2016-10-24Merge pull request #4450 from poettering/seccompfixesZbigniew Jędrzejewski-Szmek
Various seccomp fixes and NEWS update.
2016-10-25man: Fix event source priority enum names in synopsis (#4478)Martin Ejdestig
2016-10-24Merge pull request #4477 from poettering/enumerate-load-fixLennart Poettering
Properly synthesize -.slice and init.scope